Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.
Solved
Why does loopback mode trump GPPE drive maps but not GPO user logon script?
Posted on 2013-06-17
I recently migrated my users to a new GPO structure, taking advantage of numerous Group Policy Preferences. I’ve stumbled on to an issue where users’ drive mappings are not being made when they log into a conference room computer.
These conference room computers have loopback enabled (“Replace”) so I can lock several, albeit minor, settings down. The drive mappings are done via User GPPE > Windows Settings > Drive Maps. In the old days, I did it with a GPO user logon script (which worked). The GPPE drive maps do not work.
If I change the loopback mode to “merge”, it will work, but then I lose my ability to lock stuff down.
Anyone have an explanation or advice how to get around this?
These conference room computers have loopback enabled (“Replace”) so I can lock several, albeit minor, settings down. The drive mappings are done via User GPPE > Windows Settings > Drive Maps. In the old days, I did it with a GPO user logon script (which worked). The GPPE drive maps do not work.
If I change the loopback mode to “merge”, it will work, but then I lose my ability to lock stuff down.
Anyone have an explanation or advice how to get around this?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
1 Comment
Active today
To start with: you don't lose the ability to "lock stuff down" with Loopback processing in Merge mode.
All that Loopback mode does is tell the OS to apply user configuration GPOs based on the OU where the computer account is.
In "Merge" mode, the user configuration GPOs will be applied based on the user object's location in AD first, then the user configuration GPOs based on the computer object's location in AD (so that with concurrent policies, the one applied via Loopback will always win).
In "Replace" mode, any user configuration GPO based on the user object's location in AD will be skipped altogether, and only the ones linked to the computer object's location will be applied.
So you can either use "Merge" mode, making use of the Loopback's higher priority to lock down whatever was allowed in the default GPOs, or you can use "Replace" mode to log the users on with a clean slate, put all the drive mapping GPPs into their own dedicated GPO, and link the drive mapping GPO not only to the user OU, but to the conference room OU as well (or duplicate the GPPs, but if you need the same drive mappings, then that's not really the best solution).
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
All that Loopback mode does is tell the OS to apply user configuration GPOs based on the OU where the computer account is.
In "Merge" mode, the user configuration GPOs will be applied based on the user object's location in AD first, then the user configuration GPOs based on the computer object's location in AD (so that with concurrent policies, the one applied via Loopback will always win).
In "Replace" mode, any user configuration GPO based on the user object's location in AD will be skipped altogether, and only the ones linked to the computer object's location will be applied.
So you can either use "Merge" mode, making use of the Loopback's higher priority to lock down whatever was allowed in the default GPOs, or you can use "Replace" mode to log the users on with a clean slate, put all the drive mapping GPPs into their own dedicated GPO, and link the drive mapping GPO not only to the user OU, but to the conference room OU as well (or duplicate the GPPs, but if you need the same drive mappings, then that's not really the best solution).
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
- NetScaler
- Microsoft Legacy OS
- Citrix
- Windows OS
- Web Browsers
- Windows 7
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference.
This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000, *Windows Explorer, *Internet Explorer (IE)
Suggested Courses
Course of the Month6 days, 16 hours left to enroll
704 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.